Heap Use-After-Free Vulnerability in FFmpeg by VideoLAN
CVE-2024-31578

Currently unrated

Key Information:

Vendor: VideoLAN
Status: FFmpeg
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-31578?

A vulnerability was identified in FFmpeg version n6.1.1, which could lead to a heap use-after-free condition in the av_hwframe_ctx_init function. This issue may allow attackers to exploit the faulty memory management, potentially leading to unexpected behavior during video processing, denial of service, or arbitrary code execution.

References

https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83...

https://gist.github.com/1047524396/45400cce5859d78dcd3a62...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 5, 2024